UK CNI · Energy · OT Security

National Grid Cybersecurity Interview Pack

National Grid is UK Critical National Infrastructure and a designated NIS Operator of Essential Services. Interviews probe OT cyber depth, regulatory fluency (NIS / OFGEM CAF) and operational resilience.

// hiring focus
- OT / ICS Cybersecurity - SOC + Threat Intelligence for CNI - Cyber Resilience & Compliance (NIS, CAF, NIST CSF) - Identity & Access (OT/IT convergence) - Cyber Architecture
National Grid operates the electricity transmission network across England and Wales and runs major gas + electricity businesses in the US Northeast. As an Operator of Essential Services it falls under NIS Regulations and is assessed against OFGEM's Cyber Assessment Framework (CAF). The cyber team sits across IT (corporate) and OT (substation, control centre, grid telemetry). Interviews assess depth on whichever side you're applying to, plus the convergence story.
// hiring loop
- Recruiter screen - Hiring manager call (often deep technical) - Panel interview: 60-90m with 2-3 panellists covering technical, behavioural, scenario - Optional site visit / second technical round for senior OT roles - Offer (UK security vetting may apply)
// interviewer style + signals
Pragmatic, safety-first, regulator-aware. OT engineers value protocol fluency (DNP3, IEC 61850, IEC 60870-5-104) and respect for the engineering teams who own the assets. Expect questions framed around 'lights stay on' — never 'lock the door at any cost'.
// recent themes & hot topics
NIS2 + UK Cyber Resilience Bill alignment, post-Volt Typhoon CNI hardening, supply-chain (vendor cyber attestations for substation kit), AI in grid optimisation security, integration of distributed energy resources (DER), legacy SCADA modernisation.

Sample interview questions

  1. 01

    How would you design an IDS deployment for a 400kV substation?

    Show strong-answer outline

    Passive monitoring only (SPAN / TAP, never inline), protocol-aware sensor (DNP3, IEC 61850, GOOSE), out-of-band management network, alert routing to OT SOC with engineering on-call, false-positive tuning informed by maintenance windows. No active scanning.

  2. 02

    A vendor needs remote access to patch a substation RTU. Walk me through the controls.

    Show strong-answer outline

    Time-bound jump-host access via DMZ broker, MFA + just-in-time credential, full session recording, engineer escort, change-window approval, post-session log review, vendor cyber attestation on file.

  3. 03

    Explain the difference between IT and OT incident response priorities.

    Show strong-answer outline

    IT: confidentiality + integrity first, availability third. OT: safety + availability first, integrity second, confidentiality third. Containment actions that take systems offline can directly endanger lives and the grid — coordinate every step with operations.

  4. 04

    How does NIS2 / CAF differ from ISO 27001 in your day-to-day?

    Show strong-answer outline

    CAF is outcomes-focused with 4 objectives (manage risk, protect, detect, minimise impact). ISO is controls-based. CAF assessments emphasise evidence of effectiveness, not just policy existence. OFGEM scrutiny is tougher than typical certification.

  5. 05

    Tell me about an incident that affected operations.

    Show strong-answer outline

    STAR with safety + availability framing, regulator awareness, post-incident review. Avoid stories where confidentiality dominated.

Frequently asked questions

Do I need OT background?

For OT roles yes. For corporate IT cyber roles, OT exposure is a plus but not required.

Is there a clearance requirement?

BPSS minimum. SC for roles touching national control infrastructure.

Hybrid working?

Yes — but OT roles require regular substation / control-room presence.

Run the National Grid loop as a graded mock

Premium members get the full round structure, signals, and AI-graded practice.

Start free